Office de la propriete 

intellectuelle 

du Canada 

Un organisme 
d'lndustrie Canada . 



Canadian 

Intellectual Property 
Office 

An Agency of 
Industry Canada 




Certification 

La presente atteste^ue les documents! 
ci-joints, dont la list^^^^ckdessous^ 
sont des copies authen^i^ ^^ ^^i^^ 1 
ments deposes au Bureaif J^Pre\cegS 





Certification 

) certify that the documents 
ereto andidentified below are 
l^^^gi^^f Ih^documents on file in 



nd<E>ra,\?5Mgs^ as^riginallylfi^ed 1 



Specification aiykDra^j^ for Patent Serial No: 

2,299 ? 824^i^riM:wl^by SgIC»^^ !^^ lUN, assignee of Steven Spicer, 
Christopher M^m, r STe^ Patrick Pidduck, Phillip 

Von Hatten, Tim Lehan; Mark OnisSke and Clayton Grassick, for "Network Resource 
Control System 5 ' 



CERTIFIED COPY OF 
PRIORITY DOCUMENT 




CA 02299824 ,1999-03-01 
U3/U1/UU 20:25 KAA WWUMM lg]UU4 



ABSTRACT 

A network resource control system allow network mers to communicate with network 
resource!, and includes a resource registry, an administration server, a proxy server, a driver 
jerver, and an authorization server. The resource registry includes resource records which are 
associated with the network resources and define a target address and a resource type for each 
network resource. The adnunistration server is in communication with the resource registry 
and provides the resource administrators of each network resource with access to their 
respective resource records. The proxy server is in communication with the resource registry 
and facfRfltPs data transfer between the network users and the network resources in 
accordance with the resource records. The driver server includes driver applications for the 
network resources. The authorization server is in communication with the resource registry 
and the driver server and provides the driver applications to the network users in accordance 
with the resource record. Each driver application includes a resource driver, a driver 
administrator, and a data transmitter. The resource driver facilitates co mmunicati on of 
application data between a user application and target network resources. The resource driver 
includes a driver input for receiving the application data and a driver output for providing a 
translation of the application data. The driver administrator is in communication with the 
resource registry and configures the resource driver in accordance with the resource records 
associated with the target network resource. The data transmitter is in communication with 
the driver output flnf l transmits the translated data to the target network resource. 



NETWORK RESOURCE CONTROL SYSTEM 



FIELD OF THE INVENTION 
5 The present invention relates to a method and system for network management system. 
In particular, the present invention relates to a method and system tor controlling access 
to network resources. 

10 BACKGROUND OF THE INVENTION 

Local area networks are widely used as a mechanism for making available computer 
resources, such as file servers, scanners, and printers, to a multitude of computer users. It 
is often desirable with such networks to restrict user access to the computet resources in 
order to manage data traffic over the network and to prevent unauthorized use of the 

15 resources. Typically, resource access is restricted by defining access control lists for each 
network resource. However, as the control lists can only be defined by the network 
administrator, it is often difficult to manage data traffic at the resource level. 

Wide area networks, such as the Internet, have evolved as a mechanism for providing 

20 distributed computer resources without regard to physical geography. Recently, the DPP 
protocol has emerged as means to control access to printing resources over the Internet. 
However, tho JPP protocol is replete with deficiencies. First, as IPP-compliant printing 
devices are relatively rare, Internet printing is not readily available. Second, although the 
BPP protocol allows user identification information to be transmitted to a target resource, 

25 access to IPP-compliant resources can only be changed on a per-reeource basis. This 
limitation can be particularly troublesome if the administrator is required to change 
permissions for a large number of resources. Third, users must have the correct resource 
driver and know the IPP address of the target resource before communicating with the 
resource. Therefore, if the device type or the IPP address of the target resource changes, 

30 users must update the resource driver and/or the IPP address of the resource. Also, if a 
user wishes to communicate with a number of resources, the user must install and update 
the resource driver and IPP address for each resource as the properties of each resource 
changes. Fourth, access to IPP printers cannot be obtained without the resource 
adininistrator locating the resource outside the enterprise firewall, or without opening an 

35 access part through the enterprise firewall. Whereas the latter solution provides the 

resource administrator with the limited ability to restrict resource access, the necessity of 
opening an access port in the enterprise firewall exposes the enterprise network to the 
possibility of security breaches. 

40 Consequently, there remains a need for a network resource control solution which allows 
resource owners to easily and quickly control resource access, which is not hindered by 
changes in device type and resource network address, which facilitates simultaneous 
communication with a number of target resources, and which does not expose the 
enterprise network to a significant possibility of security breaches- 
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SUMMARY OF THE INVENTION 

According to the invention, there is provided a network resource control system and 
method system which addresses deficiencies of the prior art 

5 

The network resource control system, according to a first aspect of the present invention, 
allows network users to communicate with network resources, and comprises a resource 
registry, an administration server, and a proxy server. The resource registry includes 
resource records which are associated with the network resources and define a target 
10 address and a resource type for each network resource. The administration server is in 
communication with the resource rogutty and provides the resource administrators of 
each network resource with access to their respective resource records. The proxy server 
is in communication with the resource registry and f ac ilitates data transfer between the 
network users and the network resources in accordance with the resource records. 

15 

The network resource control system, according to a second aspect of the present 
invention, allows network users to communicate with network resources, and comprises a 
resource registry, a driver server, and an authorization server. The resource registry 
includes resource records which are associated with the network resources and define a 
20 target address and a resource type for each network resource. The driver server includes 
driver applications for the network resources. The authorization server is in 
communication with the resource registry and the driver server and provides the driver 
applications to the network users in accordance with the resource records for facilitating 
data transfer between the network users and the network resources. 

25 

The network resource control system, according to a third aspect of the invention, allows 
network users to communicate with network resources located behind an enterprise 
firewall, and comprises a proxy server, and a polling server. The proxy server is located 
outside the enterprise firewall and receives application data from network users. The 
30 polling server is located behind the enterprise firewall and is configured to poll the proxy 
server for initiating transmission of the received application data from the proxy server to 
the polling server. 

The network resource control system* according to a fourth aspect of the present 
35 invention, is associated with a resource registry having resource records associated with 
network resources fox allowing network users to communicate with the network 
resources, and comprising a resource driver, a driver administrator, and a data transmitter. 
The resource driver facilitates communication of application data between a user 
application and target network resources. The resource driver includes a driver input for 
40 receiving the application data and a driver output for providing a translation of the 

application data. Hie administrator is in communication with the resource registry for 
configuration of the resource driver in accordance with the resource records associated 
with the target network resource. The data transmitter is in communication with the 
driver output for transmitting the translated data to the target network resource. 
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The network resource control method, according to & fifth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

providing a resource registry including resource records associated with the 
network resources, the resource records including user access control data; 

receiving user access control data from administrators of the network resources 
for incorporation into me resource records; and 

depending upon the user access control data received, configuring the network 
users for communication with the network resources 



The network resource control method, according to a sixth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

receiving a request from one of file network users far communication with a target 
15 one of the network resources; 

obtaining resource configuration data associated with the target one network 
resource; 

determining a user authorization for communication with the target one network 
resource; and 

20 depending upon the outcome of the user authorization step, verifying a 

correspondence between the resource configuration data and user configuration data 
associated with the one network user. 

The network resource control method, according to a seventh aspect of the invention* 
25 facilitates communication between users of a network and resources in communication 
with the network, and comprises the steps of: 

providing a request from one of the network users for communication with a 
target one of the network resources; 

receiving £rom the one network user application data for transmission to the target 
30 one network resource, and receiving resource network address data associated with the 
target one network resource over a oommunicatians channel secure from the one network 
user; and 

directing the application data over the network m accordance with received 
network address data. 

35 

The network re s o u r c e control method, according to an eighth aspect of the invention, 
facilitates communication over a network between users of the network and network 
resources located behind an enterprise firewall, and comprises the steps of: 

polling a proxy server located outside the enterprise firewall for requests for 
40 communication with the network resources; 

receiving application data and associated network resource data from the proxy 
server in response to the poll step; and 

directing the application data to the network resources in accordance with 
associated network resource data. 

-3- 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Hie preferred embodiment of the invention will now be described, by way of example 
only, with reference to the drawings, in which: 

5 

Fig. 1 is a schematic representation of a network resource control system, according to 
the present invention, showing die resource registry, the administration server, the proxy 
server, the driver server, and the authorization server, and 

10 Fig. 2 is a schematic representation of a driver application for use with die present 

invention, showing the resource driver, the driver administrator, and the data transmitter. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
15 Turning to Fig. 1, a network resource control system, denoted generally as 100, is shown 
comprising a resource registry 1 02, an administration server 1 04, an authorization server 
106, a number of network resources 108, and a number of network: users 1 10. Preferably, 
each network resource 108 comprises a printing device, and the network resource control 
system controls access by the network users 110 and die printing devices. However, it 
20 should be understood at the outset that the invention is not limited to a network printing 
control system, and that the network resource 108 may comprise any of a variety of data 
communication devices, including facsimile machines and image servers. 

Hie administration server 104, the authorization server 106 and the network resources 
25 1 0 8 are available by the network users 1 1 0 over a wide area network 1 12, such as the 
Internet. The resource registry 102 comprises a resource database 1 1 4 which includes 
resource records associated with the network resources 108, and a driver database 1 16 
which includes resource drivers which allow user software applications to communicate 
with the network resources 108. 

30 

Each resource record identifies a target address, resource type and user access level for 
the associated network resource 1 08. Also, each resource record identifies a pseudo- 
name for the associated network resource 108 to identify the network resource to network 
users. Preferably, die pseudo-name is a network alias that identifies the physical location 
35 and properties of the network resource 108, but does not identify the network address of 
the resource 108. Further, although each network resource 1 08 may be defined with a 
unique pseudo-name, a group of network resources 108 may be defined with a common 
pseudo-name to allow communication with a group of network resources 108. 

40 Preferably, the user access level comprises one of a) "public access" in which any user 
110 of die network 1 12 can communicate with the target network resource 108, b) 
"private access" in which only members of the enterprise associated with the target 
network resource 1 08 can communicate with die target network resource 108, and c) 
"authorized access" in which only recognized users 110 can communicate with the target 

-4- 
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network resource 108. Additional information/^^ ™*y also be 

specified in addition to the foregoing predefined user access levels. For instance, hours 
of operation, data handling capabilities, and resource pricing may also be specified. Also, 
restrictions/permissions may be provided either on a per-user basis, or per-group basis. 

5 

The administration server 1 04 provides resource administrators with access to the 
resource registry 102 to facilitate updating of the target address, resource type, user 
access level and mfbxination/restrictioiis/pernnssions identified in the resource records of 
the resource database 114. In the case of network resources 108 configured for 

1 0 authorized access, the administration server also allows the resource administrators to 
specify a resource name and password for each network resource 108. As will be 
appreciated, this mechanism allows the resource administrator to make adjustments, such 
as to pricing and page limit, in response to demand for the network resources 108, and to 
make adjustments to restriction^^ernussions/passwords to thwart unauthorized access to 

15 the network resources 108. 

Preferably, the administration server 104 provides controlled access to the resource 
database 1 14 so that the resource administrator of a particular network resource 108 is 
only allowed access to the resource records associated with the resource administrator's 
20 network resources 1 08. 

As discussed above, the driver database 1 16 includes resource drivers to allow user 
application software to communicate with the network resources 108. As shown in Fig. 
2, when a network user 1 10 is setup to communicate with a target network resource 108 

25 (to be described below), the network communication device of the network user 1 10 is 
configured with a driver application 200 comprising a resource driver 202 from the driver 
database 116, and a wrap-around driver layer 204. The wrap-around driver layer 204 
includes a front-end layer 206, an administrator layer 208, and a data transmitter layer 
210, The front-end layer 296 is in communication with the network user application 

30 software and the resource driver 202, and typically only passes application data from the 
application software to the resource driver 202. The administrator layer 208 
communicates with die resource registry 102 over the Internet 112 and the target network 
resources 1 08 to ensure that the driver application 200 is properly configured for 
communication with the target network resources 108. The data transmitter layer 210 is 

35 in communication with the resource driver 202 and is configured to transmit the data 

output from the resource driver 202 over the Internet 1 12 to the target network resources 
108. 

The authoruation server 106 is in communication with the resource database 1 14 and the 
40 driver database 1 1 6 for providing the network users 110 with the wrap-around driver 

layer 204 and with the resource drivers 202 appropriate for the target network resources 
108. Preferably, the authorization server 106 is configured to provide the data transmitter 
layer 210 with the network address of the target network resource 108, over a 
communications channel secure from the network user 1 1 0 so that the network address of 
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the target network resource 108 is concealed from the network user 110. In die case 
where the network 1 12 comprises the Internet, preferably the secure communications 
channel is established using SSL protocol. 

5 Typically, each network resource 108 comprise* an IPP-compliant printer. However, as 
discussed above, other data communication devices, such as facsimile mac h ines, image 
servers and non-IPP-compliant printers, may be used in addition to or in replacement of 
an IPP-compliant printer. In die case where the network resource 108 comprises an IPP- 
compliant device, the network address of the network resource 108 comprises the 

10 network resource IPP address. However, in the case where the network resource 108 
comprises a non-IPP-compliant device and the network 1 12 comprises the Internet, 
preferably the network resource 108 is linked to the network 112 via a server, and the 
network address of the network resource 108 is the IP address of the server. 

1 5 Typically each network user 110 communicates to the network resources 1 08 using a 
communication device, such as a personal computer, linked to the network 112. 
However, the network users 1 10 may also communicate to the network resources 108 
using other communications devices, such as wireless telephones, pagers or personal data 
assistants. 

20 

To facilitate communication with network resources 108 located within an e nte rp ri se 118 
behind the enterprise firewall 120, as shown in Fig. 1 > preferably the network resource 
control system 100 also includes a proxy server 122 located outside the enterprise 
firewall 120, and a polling server 124 located behind the firewall 120 within the 
25 enterprise 118. Preferably, the proxy server 122 is located on-site at the enterprise 1 18, is 
provided with a network address corresponding to the enterprise 118, and includes a 
queue for receiving application data. However, the proxy server 122 may also be located 
off-site, and may be integrated with the authorization server 106 if desired. 

30 Typically the enterprise 1 1 8 includes a server 126 for communication with the network 
resources 108 located behind the firewall 122. The polling server 124 is in 
communication with the enterprise server 126 for communication with the network 
resources 108 located within the enterprise 118. The polling server 124 is configured to 
poll the proxy server 1 22 through the firewall 120 to determine whether application data 

35 is waiting in the queue of the proxy server 122. However, as will be appreciated, the 
proxy server 122 and the polling server 124 may be eliminated, if desired, and a port 
provided within the firewall 120 for coimnumcation with the network resources 108 
located behind the firewall 120. 

40 Preferably, the network resource control system 1 00 also includes a transaction server 
128 and an archive server 130 accessible over the network 1 12 via the administration 
server 104. The transaction server 128 is in communication with the authorization server 
106 for keeping track of each communication request between a network user 1 10 and a 
network resource 108. For each transmission, typically the transaction server 118 



CA 02299824 1999-03-01 



maintains records of the originator, recipient, date, time and file size of the transroiasion. 
The archive server 130 is configured to retain copies of the application data transmitted, 
for a specified period. The network user 110 may specify whether the transmitted 
application data is to be archived, and the archive period, during a user registration step, 
5 described below. 

Preferably, the administration server 104 provides controlled access to the transaction 
server 128 and the archive server 130 so that only the network were 110 which originated 
transmission of the application data is allowed access to any information associated with 
10 the transmission. 

To communicate with a network resource 108, preferably the network user 1 10 first 
selects a target network resource 108, and configures its computer for communication 
with the target network resource 1 08. The network user 1 10 may also register itself with 

1 5 the administration server 1 04, by specifying any required information, including the 
network user's name, physical address, and e-mail address. The network user may also 
specify that an e-mail notice should be sent to the network user 110 after a successful 
transmission of application data to the target network resource 108, and whether 
archiving of the application data is desired. However, the registration step is optional and 

20 may be dispensed with if desired. 

If no network resource 108 has been selected, the network user 110 queries the 
administration server 104, via its Internet browser, for a list of available network 
resources 1 08. The network user query may bi based upon any desired criteria, including 

25 print turn-around time and page size (where the target network resource 1 08 is a printer), 
price, and geography. In addition, the network user 110 may provide die administration 
server 104 with the geographical coordinates of the network user 1 10 in order to 
determine the network user's nearest network resources. The ability to specify the 
geographical coordinates of the network user 1 10 is particularly advantageous if the 

30 communication device of the network user 110 is a wireless telephone, pager or personal 
data assistant In this latter variation, the administration server 1 04 may be provided with 
the network user's geographical coordinates through any suitable mechanism known to 
those skilled in the art, including latitude/longitude co-ordinates, GPS, and wireless 
triangulation- 

35 

Preferably, a network user 110 will only be provided a list of pseudo-names associated 
with each network resource 108 satisfying the designated search criteria. Further, 
typically the pseudo-name list will only identify network resources 108 registered for 
public access. However, if the network user 1 1 0 identifies itself as a registered user by 
40 entering a usemaroe and password provided at' the time of registration, the pseudo-name 
list will also identify network resources 108 which have been registered for authorized 
access and to which the network user 1 10 is authorized to communicate. Also, if the 
network user 1 10 is member of an enterprise 118, the pseudo-name list will also identify 
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network resources 108 which have been registered by the enterprise 1 1 8 for private 
access. 

Upon receipt of the resource list, the network user 1 10 selects a target network resource 
5 108 from tbe list The administraticm server 104 then queries the network user's network 
communication device to determine whether the communication device has been 
configured with the appropriate resource driver 202 for communication with the target 
network resource 108 and, if not, prompts the network user 1 10 to download the 
necessary resource driver 202. 

10 

Once tbe network user 108 desires to communicate with a target network resource 108, 
the network user 110 transmits a communication request via its application software to 
the driver application 200. The front-end layer 206 of the driver application 200 receives 
the application data, and passes it to the resource driver 202 for processing. In addition, 
15 if the network user 1 10 has not previously selected a network resource 108, the front-end 
layer 206 contacts the administration server 104 over the Internet 1 12 and prompts the 
network user 110 to select a network resource 108, as described above. 

The front-end layer 206 also notifies tbe administrator layer 208 of the driver application 
20 200 of the print request The administrator layer 208 then provides flic authorization 
server 106 with a request fen- printing to a target network resource 108. Typically, the 
administrator layer 208 provides the authorization server 106 with the pseudo-name 
associated with the Urget network resource 108, a network user identifier, and a resource 
driver configuration identifier. The authorization server 106 then queries the resource 
25 registry 102 with the pseudo-name of tbe target network resource 108 for the associated 
resource record. The authorization server 106 extracts the user access level from the 
resource record, and based on the network user identifier, determines whether the 
network user 1 10 is still authorized to communicate with die target network resource 108. 
If the network user 1 10 is still authorized, the authorization server 106 then provides the 
30 administrator layer 208 with the network address of the target network resource 108. In 
the case of a network resource 108 configured for authorized access, the authorization 
server 106 also provides the administrator layer 208 with the resource name and 
password associated with the network resource 1 10. 

35 The administrator layer 208 then queries the network resource 108 over the Internet 1 12, 
using the received network address, to determine whether the target network resource 1 08 
stiJl resides at the specified network address, is operational and is on-line. The 
authorization server 106 also extracts the resource type from the resource record, and 
based on the resource driver configuration identifier, determines whether the network 

40 user 1 1 0 is still configured for communication with the target network resource 1 1 0. If 
the network user 110 no longer has the correct resourco driver 202, the authorization 
server 106 queries the driver database 1 16 for the correct resource driver 202, and 
prompts the network user 1 10 to download the resource driver 202. This driver 
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configuration verification step may be performed concurrently or consecutively with the 
network address providing step described in the preceding paragraph. 

Meanwhile, the resource driver 202 translates the application data into a format suitable 
5 for use by the target network resource 108, and then passes the translated data to the data 
transmitter layer 210 of the driver application 200- Preferably, the data transmitter layer 
210 compresses and encrypts tie translated application data upon receipt The data 
transmitter layer 210 also receives the network address of the target network resource 108 
firan the driver administrator layer 208, and transmits the compressed, encrypted data 
10 over the Internet 1 12 to the target network resource 108. 

If the resource administrator has defined the user access level of the target network 
resource 108 to allow public access to the network resource 108, preferably the target 
network resource 108 is accessible through a local server which serves to queue, decrypt 
IS and decompress the application data prior to transmission to the target network resource 
1 08. Alternately, the target network resource 108 itself may be configured for 
transmission over the Internet 1 1 2, such as an EPP-capable printer, so that the target 
network resource 108 prints the application data directly. 

20 If the resource administrator has defined the user access level of the target network 

resource 108 to allow only private enterprise-based access to the network resource 108, 
the proxy server 122 located outside the enterprise firewall 120 receives the application 
data, and transfers the application data to the proxy server queue. The polling server 1 24 
located behind the enterprise firewall 120 periodically polls the proxy server 122 to 

25 determine the status of the queue. Upon receipt of a polling signal from the poDing 
server 124, the proxy server 122 transmits any queued application data from the proxy 
server queue, through the enterprise firewall 120, to the polling server 124. The polling 
server 124 then parses the network address associated with the received application data, 
and transmits the application to the appropriate server 126 or network resource 108 for 

30 processing. 

If the resource administrator has defined the user access level of the target network 
resource 1 08 to allow authorized accow to the network resource 108, preferably (he target 
network resource 1 08 is accessible through a local server which serves to queue, decrypt 
35 and decompress die application data, and extract die resource name and password 
transmitted along with the application data. The local server then transmits the 
application data to the appropriate network resource 108 if the received resource name 
and password are valid 

40 Regardless of the user class defined for a network resource 108, if the resource 

administrator relocates the target network resource 1 08 to another network address, 
and/or changes the device type and/or restrictions/pennisaions of the network resource 
1 08, the resource administrator need only update the resource record associated with die 
network resource 1 08 to facilitate communioatioi) with the network resource 108. 

-9- 



CA 02299824 199903-01 



Subsequently, when a network user initiates communication with the network resource 
108 with the original pseudo-name* the authorization server 106 provides the 
administrator layer 208 with the updated network address of the network resource 1 08, or 
prompts the user 1 10 to download the /appropriate resource driver 208, if the network user 
5 1 10 is still authorized to communicate with the network resource 1 08. 

In the case of network resource 108 configured for authorized access, if the resource 
administrator desire* to change the device name and password associated with the 
network resource, the resource administrator need only update the device name and 

10 password provided on the resource record. Subsequently, when a network user 110 
initiates communication with the network resource 1 08 with the original pseudo-name, 
the authorization server 106 provides the administrator layer 208 with the updated 
resource name and password of the network resource 108, if the network user 1 10 is still 
authorized to communicate with the network resource 108. A network user 110 who is 

15 not authorized to communicate with the target network resource 108, will not receive the 
updated device name and password from the authorization server 1 06 and, consequently, 
will not be able to communicate with tho target network resource 108, even if the user 
1 10 knew the network address for the target network resource 108. 

20 The following pages identify further details and benefits of the preferred embodiment. 
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lOVERVIEW 

A mechanism for easily identifying, controlling, and using personal contact 
information is disclosed. The first embodiment of this method is the support of remote 
printing devices available through the Internet or internal Intranets is disclosed A Global 
5 Registry is used to control access to and catalog User contact Infor m a tio n and Internet 
Printer Protocol ready printers as well as Proxy enabled standard printers. The invention 
uses the Global Registry to broker interactions between the users, their contact 
information, including the available printers. The invention includes the use of a wrapper 
layer of software around standard O/S print drivers to allow current application 
10 technology to be Internet print enabled. The user of the invention is shielded from the 
complexity and risks of maintaining the current status of those wishing to contact them 
directly or by printing to a remote printer across the Internet. The providers of the 
remote printers are shielded from the risks of providing access to their printers and 
network resources. 

15 

2Global Registry 

The Global Registry is a central location on the Web that allows Users to register 
personal information, including physical location, phone numbers, cell phones, pagers, 
faxes, internet aware printers and other information. This registered information is 

20 protected by passwords, known only to the person registering the information 
(registrant:). The registrant identifies a list of other registrants of the Global Registry that 
they grant access to, and what aspects, of their personal information that they grant that 
permission. This permission is also password controlled, and can be limited by factors 
such as date, elapsed time or access count. The depth and type of information revealed to 

25 other registrants can also be controlled on an individual basis. For Instance contact 
information granted to family members could be different from that granted to co- 
workers or customers. 

The registrant can update the contact information at the central registry whenever any 
aspect of their contact information changes. These changes are then automatically updated 
30 for the other registrants who have been granted access to this information, when they 
fff^Migfr contact with the central registry. This gives the registrant a single location to 
update information, ensuring that those granted permission to contact them, can always 
get current information. 

The first implementation of the method disclosed, is the printerOn System, which is 
3 5 designed to manage and control contact to individuals and organizations through internet 
enabled printers and fax machines. This same method is applicable to other contact 
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information nick as email addrattet, pager numbers, physical location, phone numbers 
and other information the registrant might wish to share. 



3PRINTERON OVERVIEW 



3.1 PRINTERON 

printerOn is tbe name of a system of Web based components and drivers that allow 
current, normal, commercially available Applications to gain controlled, protected 
printing across tbe Internet to remote printers. PrinterOn is a sample implementation of 
the Global Registry method. 

PrinterOn Maim Components 

Registration Server • The Registration Server is a Web Server site that supports the 
registration of Printers and Users as well as the definition of User or Printer groups. It 
also provides a portal for the provision of advertisement information and sale of 
merchandise to the registered base of users for any services or products of interest to the 
15 users. 

Naqft Sgyver - The Name Server is a Web Server that supports the identification of 
the appropriate printer IP address for the use of the printerOn Driver and the validation 
of the User's privileges 

PrinterOn Driver - The Driver is a Client Application that looks like a standard 
20 device driver that encapsulates the actual printer driver on that O/S, and provides services 
to route the print stream to Internet Printers. 

Proxy Server - The Proxy Server is a Web Server that supports the spooling, 
encryption and compression of printer data streams to the appropriate printer IP address 
for the use of the printerOn IPP Print Server. 

25 Global Prim ^ fte pstrv - Tbe PrinterOn Global Print Registry is a repository for all 

of the registered Printers and Users that controls and grants permissions to the users of 
the system based on the PrinterOn printer settings. The Registry is based on a database 
tweyfcl frith the accompanying Active Server Pages controlling the transactions. 

3.3 PrinterOn Reg istration Server 
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The PrintciOn Registration Server supports the registration of both printers and users 
into the PrinterOn system. The registration of a user consists of entering information such 
as their Name, e-mail address, real address and the IP identification of their device. 

The Registration Server is the main Web interface between Users and the PrintexOn 
5 system. 

The registration of a printer, consists of identification of the u*er defined Printer Alias 
Name, the IP address of the printer, the Printer On class of the printer (Public, 
Authenticated Public, or Private), and if the printer has been identified as Private, who 
is allowed to print to the registered printer. 

ia. 4 PrinterOn Name Server 

The PrinterOn Name Server provides several services to the PrinterOn System in 
direct communication with the PrinterOn Driver. 

In the normal printing process the Name Server would respond to a request for the 
address of the Printer Alias with a resolved IP address and DNS name for the printer, if 
15 it was available to that user. If they were a registered user they could sec the Public and 
Authenticated Public printers in the Registry, filtered as they saw fit. The user could only 
get a response to a private printer if they were on the list of users associated with that 
private printer or had access to the printer account and password of the private printer. 

3.5 PrinterOn Drivers 

acs.l Global Print Driver 

The PrinterOn Global Print Driver is a code wrapper that encapsulates a Standard 
O/S Printer driver with a layer that communicates through a standard Port to the Web. 
The driver supports the IPP standard protocol and the interaction with the Name Server. 

The Global Print Driver is composed of four parts, the Driver Control, the Port 
25 Monitor, the IPP printer communication and the IPP print server data stream control. 

The novel item is the implementation of a printer driver that passes information 
through to a Standard O/S Printer driver, while malting use of communication with a 
Website. 

A method of controlling the processing or printing requests to a Windows 95, 98 or 
30 NT print driver by encapsulating a standard Windows print driver, with a layer that 
functions as a print driver at the interface, but, allows for control of the print data stream 
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being passed to window*. This allows for additional processing of the data stream after ii 
has been passed to the driver layer by any Windows application and also the addition of 
information or redirection of the print driver output from a local printing process to a 
remote IPP printer. 



3s5.2 universal Print Driver 

The PrinteiOn Universal Print Driver adds a set of standard O/S Printer drivers built 
into the driver layer itself, that support the basic data streams for printing to a wide range 
of printing devices. The idea here is that the printer driver can not only handle control 
and permissions in a Web environment, but also support printing capabilities to a range 
10 of printers without the user needing to install drivers for those printers locally by 
themselves. 

3.6 PrtnterOn Proxy Server 

The printerOn Proxy Server is the provision of IPP services to those users who do not 
wish to expose their IPP printers outside of a firewall, it also provides services to those 
15 who do not have IPP enable printers or servers, but, wish to receive prints over the 
Internet, 

The Proxy server has three components in the design of this subsystem. The first 
component is an add-on part of the PrinterOn Driver. This part allows for the 
compression and/or encryption of a data stream in the pass-through printer component 
20 of the Global or Universal PrinterOn print drivers. 

The second component of the PrinterOn Proxy is a Web location associated with the 
printer On jiet site that identifies a queue for the printerOn Proxy Printer. The queue is 
monitored by the printerOn Print Server and if data appears in the queue, the Server 
initiates a download of the data from behind the firewall, at the printer location. This 
25 solution means that Administrators can provide the services of an IPP printer without 
opening a port through the Firewall of their network* 

The third component of the printerOn Proxy is the printerOn Print Server that is 
located at the site of the Proxy Printer. This server supports the decryption and expansion 
of the data stream being spooled from the Proxy Queue and then passes this to the printer 
30 connected to the server. This means that data streams that are IPP compliant as well as 
others may serviced by printing devices that do support the IPP capabilities. 
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3.7 Registry 



3.7.1 Global Print Driver Registry 

The Global Print Registry is the database of registered Printers and Users that 
comprise the printerOn system. The level of indirection provided by this registry 
5 allows for the insertion of many services and capabilities not supported by standard 
IPP printers or other Internet printing solutions. The use of both User and Printer 
Aliases rn**vt that the actual physical connection or the physical device behind that 
alias can be moved, reconfigured or changed without changing the appearance of the 
alias at the user level. The Administrator of the system can modify and m a int a in a 

10 distributed group of printers over the Internet, simply by accessing the single registry 
location. The use of the alias also ensures that the publication of the address on a 
website, business card or directory is a viable alternative as the alias is controlled and 
mapped to the cKonyng network underneath* Even physical location can be easily 
changed. This means that printing can work at the same virtual portal style that users 

15 have come to expect from browser access to the Web. 

The use of printer IDs and user Ids in the system, in conjunction with passwords, 
mta n « that the use of the internet printers can be controlled, and modified from the 
same central registry. 

20 



4printerOn Process Discussion 



4,1 registering a Printer 

4.1.1 Registration of an IPP Printer 

25 PrinterOn as a system is centered around the internet printer. Unlike standard systems 

that focus on the user and permissions PrinterOn is unique in that it is printer centric. 
The printer is given an identification and is registered in a central registry, with a level of 
security and if necessary, a list of users that may be granted permission by the printer 
itself, to use the printer. This is a unique level of active security to control the use of the 

30 printers. To accommodate this level of security, printers that have an IPP interface must 
be registered within the PrinterOn system. This registration is entirely in the control of 
the Administrator of the printer, both in initiating the registration and in maintaining the 
nature and type of printer at that location. 
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The PrinterOn Printer Registration consists of fields such as: 

• The unique printer identification 

• The Organization and location 

• Printer's printerOn Alias 
5 • The Printer's IP Address 

• The Printer's URL 

v PrinterOn printer type (public, public authenticated, private) 

• Pen Mapping Parameters for printerOn 

• Printer Model and Make 
10 • Printer Driver URL 

• Administrator ID and Email 
« Administrator Password 



Once a printer has been registered, if it has been identified as a Private Printer, 
15 additional information on the Registrants that can locate and use that printer can be 
entered These Registrants must be registered users of the printerOn System with entries 
in the Global Print Registry. Once the Registrants have been identified as having access 
to the Private Printer, then they can use this printer as any other printer. The access to 
the Private Printer can also be controlled by individual passwords for each of the 
20 Registrants. The major advantage of this system is that the printer Administrators can use 
the Global Print Registry to control access and use of Private Printers through a single 
central location. The only other alternative for control of access to IPP enabled printers 
is through password control on the individual IPP servers, which must be configured 
individually on each of the servers locally. This gives Administrators the ability to control 
25 a geographically dispersed set of Private Printers quickly and easily. 

1 1.0.1 REGISTRATION OF A NON-IPP PRINTER 
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If the user has a printer that doei not have an IPP Server or is not enabled with IPP 
technology, the printerOn system provides the ability to provide an IPP Proxy for 
connected printers. If the user registers a printer and identifies it as a non-IPP printer, the 
printerON Jiet site can provide a printing queue to store and process data transmitted 
5 across the internet. If users of the printerOn system print to that printer the Proxy 
services in the printerOn Print Driver are enabled and the data is known to be being 
transmitted to a non-IPP printer and is routed to the printerOn.net site. From there the 
data is queued and sent on to a printerOn Proxy print server located at the non-IPP 
printer's location. This Print Server then formats the data stream and forwards the 
10 information to the printer. 

11.0.2 Printer Groups 

The printerOn.com interface allows for the registration of a Group of Registered 
Printers. This Printer Group consists of a series of printers that have been registered in the 
Global Print Registry associated and given an Alias by the User. This grouping of 
1 5 Registered Printers gives che user of the system the ability to print to a set of IPP Printers 
simultaneously, through their standard printing interface. The user simply ide n tifies the 
printerOn Printer Group as their printer in their application printing dialog, and the 
resultant print is sent to all of the Registered Printers in that group. 

If the Group of Registered Printers includes Fax locations, those fazes will be 
20 simultaneously sent along with che prints to the appropriate fax machine. This means that 
printers and faxes can be mixed within a single information exchange. If there are several 
rax locations, these can be routed to a fax distribution center for further forwarding to the 
actual fax devices. 

1 1 .0.3 Registrant Groups 

25 The printerOn.com interface also allows for the registration of a Grouping of 

Registrants. This would enable work groups or company divisions to identify a group of 
people that could as a class, be granted access permission to a given Private Printer. 
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The users of the printerOn system must register with the Global Print Registry to 
ensure that they can use the full features of the printerOn system. Users log onto the 
printerOn.com website and enter the User Registration information to ensure the 
printerOn system can recognize them and identify which printing capabilities are available 
5 to them. If Users do not register, then they can only use the Public Printers listed in the 
registry. Once the users hare registered they are considered to be Registrants in the 
printerOn system and can have access to Authenticated Public printers and those private 
printers that they have been granted access to. 

The data captured during the printerOn Registration of a User such as: 

10 • A unique User Registrant identifier 

• A Registrant name 
■» An address 

• A valid email address 

• An assigned Registrant password, emailed to the above address. 
15 • Default printerOn settings 

• A fax alias 

• A phone number 
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81 PIMPING A PRINTER 

8.1.1 When Printing 

5 When the user identifies chat they wish to print from an application using the 

printerOn driver, the can cither identify the printer from their favorites list, type in the 
Printer Alias or invoke the Search Browser to look for a printer in the Global Print 
Registry, 

Once the user has identified the printer they wish to use, the printers characteristics 
10 are checked to determine if the user has a printer driver for that device, if the printer is 
online through an IPF status check and if the user has permission to print to that device. 

If the user has the appropriate driver and permission, the prinrerOn Printer will 
become the default printer for that application and workstation, ready for printing. 

For Registrants of the printerOn system who wish to use advanced search techniques 
1 5 during a printing job searches can be done by available printer types, geographic location, 
delivery capability, job quality or by a reverse bidding process. This reverse bidding 
process consists of comparing Registered Printer capabilities and pricing with the 
Registrants request for services and providing the Registrant with a best fit solution. 

8. 1 .2 When Online to pRimtRON.coM 

20 When the user is accessing printerOn.com they have the ability to search for printers 

available to r*"»™, they can search either geographically, by printer model or by printer 
type and permissions. 

The user also has the ability to undertake the same advanced searching techniques for 
printing resources that are available from the printerOn Driver interface. These can 
25 involve determination of the best price for a printing job, the closest geographic location, 
perhaps fastest delivery or closest match to the required capabilities. 

Once they have located a printer, they can choose to add this printer to their List of 
Favorites in the printerOn Driver. 

Z-2 Printing a noriTMENT 
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When the user is printing from an application, they can use the default selection or 
choose a new printer from their favorites or browse the printerOn.net website for a 
printer in the Global Print Registry. 

Once a printer has been identified the printer TP address is communicated in an 
5 encrypted message to the printerOn Driver and the user may print to this Remote Printer. 
When the print is initiated the printerOn driver will communicate with printerOn.net 
to ensure that the permissions and printer status and location are valid. 

If the response to the communication indicates that the printer has been changed, the 
printerOn driver will check the local system for an appropriate printer driver for the 

1 0 newly installed printer. If it is not available then the printerOn driver will request a copy 
of the appropriate driver from printerOn.net. If the printer driver is not available at the 
printerOn.net site, the printer Administrator will be notified and the Registrant will be 
asked to find a copy of the appropriate driver. If the driver is available, then the printerOn 
Driver will download it to the Registrants machine and continue with the printing 

15 request. 

The printerOn Driver then allows the data stream from the application to pass- 
through to the printer model device driver for processing. Once this is completed the 
printerOn driver then gets the data stream from the driver and packages it up into an IPP 
data stream or a Proxy data stream for a non IPP printer. The IPP layer of the printerOn 
20 driver then initiates an IPP session with the actual remote printer confirms it's status and 
sends the data. The driver then in parallel, sends a transaction record to printerOn.net to 
record the printer usage and statistics such as number of pages, transmission time and 
other statistics for accounting and administration purposes. 



25 9 Identified Vertical Market Application for 

PrinterOn 



9.1 Overview of applications 

• Universal Use - The Universal use applications are those that are generally 
applicable to all printing applications. 

30 • Wireless Applications - The Wireless applications are those services and 
capabilities that enhance the use of wireless devices. Such as interactive pagers or 
cell phones 
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• Fax Substitution - The Fax Substitution is the provision of services that will 
supplement or replace the normal fax transmission process. 

• IPP Server Enhancement - The IPP Server Enhancement applications are services 
and capabilities that expand the use and function of the IPP standard printers. 

5 « Reprographics - The Reprographics applications are those that enhance the 
commercial printing and services market. 

5,1.1 Hotel Guest Printing 

For business travelers who need printed data, but do not bring printers with them, 
10 hotels can register an IPP printer with printerOn.net. When a guest arrives at the 
hotel, he or she can be assigned a valid printerOn userlD and password by a Printer 
Administrator at that Hotel through the printerOn.com Website, that will allow 
access to the hotel printer for the duration of the guest's stay. printerOn will broker 
access to the printer in such a manner that it remains secure. printerOn can provide 
15 the hotel with the option of tracking printer usage for guest billing purposes. Guests 
can print from their rooms through dial-up internet connections using printerOn.net, 
and pick up their output at the front desk. If they wish they can also print a cover page 
on each of their print jobs, identifying who the prim is to go to. 

20 Once the guest has been registered with printerOn.com their access to the printer will 
be automatic for the duration of the configured access. The printerOn driver will 
substitute the password for the printer into the print request from the guest's 
application. The hotel can then get a record of the guest's printing activity for billing 
purposes. 

25 
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5.1.2 White Pages 

printcrOn.nct will act as a search engine for ZPF print addresses, allowing users to 
always locate the appropriate device even as servers and printers arc being replaced or 
5 moved. Organizations can update the parameters for registered printers at 

printerOn~net to r r "' ,r,, ' rT,, *»* disruptions in service for those authorized to access their 
printers. This means that system administrators can reconfigure or replace physical 
printers, while retaining the permissions) passwords and Printer Aliases for the 
Registrants. The Registrants will not necessarily even be aware that the physical 
10 printer that they use has been c ha nged 



5.1.3 Distribution Groups 

printerOn allows the creation of a logical Printer Group, so that users can send a copy of 
a document to a number of people or printers in one step. By printing to the group, a 
15 copy of the printout is automatically duplicated by the printerOn Print Driver by 
recursively printing and sending to each device belonging to the group. The standard Print 
Driver needed to print to each member of the group will be detected and inserted as in the 
single device printerOn process. 

5.1 .4 Pato-For-Papers 

20 printerOn.net can broker physical prints of an organization's purchased reports 

directly to a consumer's output device, saving the time and cost of shipping hardcopy 
versions. There is no intermediated electronic form that may be copied, and the report 
is available immediately. ; 

The provider of the reports, can request the IP address of the customers printer, or ask 
25 that the customer register the printer as Private. Then the provider can print to the 
printer, with a record of the transaction being' available to show delivery. 
If the person requesting the print wishes, they, can have the print stream information 
forwarded to a local printing shop to be picked up or forwarded 

501.5 Print/Fax Archival 

For clients who require records of faxes or IPP prints, but lack document archival 
software, printerOn.net can host a copy of print jobs for a period of time. The prints 
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can be regenerated or retrieved on Remand by those with suitable password access. 
prinierOn.net will also work closely document management companies to provide 
similar capabilities for larger organizations with a higher degree of IT strategy. This 
capability can be supported by the printerOn system, because the printerOn driver is 
capable of producing multiple renditions of a single print request, one of which can be 
routed to an archival process. 



5.1.6 FOLLOW-ME PJUNTER 

Registering with printerOn ensures that faxes or prints always reach recipients who 
10 change their locations. Corporations can be certain that output will find traveling, 

former, or vacationing employees, and can also redirect prints for absent employees to 
suitable alternates. An individual registers a virtual IFP address with printerOn. This 
virtual DPP address is the one they prpose to the world, As they change locations, as 
the Administrator of their printer,ithey can visit the printerOn Web site and redirect 
15 their virtual 1PP device to the IP aidress of the physical print device at their current 
location. 

i 

i « 

S 3 Wirfi.b«s Application 

j 

5.2.1 PKHsTITNG WnjuELESS EMAIL 

20 For business travelers who receivej^mail, printerOn will have integrated solutions 

with wireless data services that allow the recipient to print a copy of the message on an 
rPP printer. The wireless user canf specify the printer they want to use, or can rely 
upon printerOn services to locate a suitable printer based upon geographic location 
and other requirements. Geographic location may be established by several means, 

25 including GPS, wireless cell triangjulation, or manual entry. 

5.2.2 Obtaining eLiail Attachments 

I ; 

E-mail attachments can be printed directly to'printers rather than opened in the 
programs they were created in. Wireless devices, such as Internet-enabled cell phones 
30 and wireless modems or pagers, can 1 thus alert the user of a received attachment 

without w™-ti«g to deliver the contents to the device. The business traveler can request 
that the e-mail be forwarded to pxJtnterOn.net with a request to output the message and 
attachment on a hardcopy printerj. This hardcopy may be a Six machine, public, 
private or Virtual IPP printer. printerOn will also be able to obtain the geographic 
35 coordinates of a wireless device either from a GPS or cell phone locating service to 



i 
i 
i 
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automatically route the prints to the nearest printer, or provide the user with a list of 
nearest printers to choose from. 

5.3 Fax Subs titution • 

,i 
.1 

5*3.1 Improved Faxing 

i 

printerOn.net can replace faxes, with; high quality prints that retain fine details 
traditionally lost »«ng fax machines. An IPP printer can be registered along with the 
fax number(s) for which it is a substitute. Clients can cross-reference these fax 
numbers (which are commonly avilible) into IPP print addresses to send high quality 
1 0 fax-equivalents to business partner!; ^rinterOn.net is capable of determining when a 
fax number does not have an IPP equivalent, and dropping into standard fax mode 
under these circumstances. .| 

I '* 

If numerous real £ax locations are identified, then fazes can be routed to a fax 
15 distribution center for forwarding.- j* 

5.4 IPP SERV Ett ET^ANdjENfEN^T 

u 

5.4.1 IPP Printer Adapter 

printerOn can create virtual IPP printers for companies whose printers are not IPP 
20 compliant, or who lack the arperriseffto set up an IPP device. Corporations receive an 
application that runs on their WiniicWs NT, 2000, or Linux print servers that allows a 
printer to behave as a virtual IPP printer when used in conjunction with 
printerOn.net. This application communicates with the printerOn Web site to 
convert IPP print requests from aqyikource into a print request for non-IPP printers. 

25 I ■* ' 

,t 

5.4.2 Pen Mapping li 

; lj. 

The printerOn Driver creates ajdijfnnition table to map the data stream being presented 
to the Print Driver Interface to any) of several standard or custom definitions. This me a ns 
that the color of the objects can be mapped to other colors or grayscale, the thickness of 
30 lines can be mapped, the fill patterrjfs ijsed can he modified or mapped to color or grayscale 
fills. In the printerOn system, beeausfe the driver knows the capability of the final printing 
device, the printerOn driver can automatically map the data input from the Application 
to an appropriate output stream for {that printing device, without any modifications or 
intervention with the originating Application. If the printing device is a black and white 

* u 
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printer, colon can be mapped to grayscale fills; or patterns. If the resolution of a printer 
is less than the original data, then fill patterns can be modified to accommodate the lower 
resolution. 



5s4.3 IPP Firewall Sludge 

For companies with security concer/Js over "pushing" data through their firewalls, 
printerOn can expose a printer without opening a port in the firewall. This is 
arcom pKyhgd by an application on tbjfc company's server that "polls" the printerOn 
service to identify when a print request has been made. It then pulls that data securely 
1 0 through the firewall, rather than aljojwing it to be pushed through. 

5.4.4 IPP Data Oi*|^izATipN 

To decrease the use of expensive or^ slow IoteiTiet bandwidth, printerOn offers a 
service/product combination that w^ll optimize data transfer for IPP print 
15 applications. The printerOn driver j!an compress the print data stream before 
transmission. printerOn software on; the receiving IPP server performs 
complementary decompression to jsijjpvide the necessary print data to the printer. The 
printerOn driver will "handshake"! with the print server to establish if this service is 
available on the printer, and automatically use;it when appropriate. 

20 ill- !: 



5.4,5 1TP DATA Qulb|jlNG .! 



To reduce printing bottlenecks caJslctby slow^ Internet connections or large print jobs* 
the printerOn Proxy provides a semce in which the printerOn.net Web site can 
respond with a "ready" signal to anyone wanting to print to an IPP printer. printerOn 
25 will t h ei queue the data and ensure transmissipn of the print request once the printer 



becomes availablr 1 



5.4.6 IPP DNS , ■;. 

For smaller organizations requiring Domain Name Server support (a requirement for 
30 remote printer access), printerOniet will act as a global DNS. This will simplify the 
process and reduce the cost of exposing IPP printers for the average company lacking 
the technical expertise or the financial rationale for building a DNS. 

i ! . 
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5.4.7 Print Identif^|^tio1|I: 

To provide some context for the pnnltj transaction, printerOn can either place h ead er 
text on the printed document or prijxjfjice a corcjer sheet to identify the source and 
destination of the document This ojrmt headei |or cover sheet can include information 
such as the time, date, who printed ink document, and who is expected to receive the 
document. 



Print A 




5.4.8 



printerOn can verify the auxhenti 
key encryption, and other accep 
reliance on courier and fax trans 
recipient of a print job is able to chin 
printerOn.net registry. Reprints 
for a period of time, and audit t; 



1 1 

5.4.9 Printer Acc©- 

To help organizations monitor 
printerOn.net can record all printer 
Customized reports for auditing pj| u 
flagged, and o-mail notification* c*i 
checking. 



5.4.10 Printer Use; 



CATION 



of a prit ^submission through passwords* public 
mechanisms. This further reduce* the 



as a means of validating transactions. A 
document validity according to the 
xnand 6f authenticated documents are retained 
available permanently. 




ties and track costs among departments, 
vity hjr. user, account code, and printer, 
osea can' be generated, unusual print behaviors 
sent to" a designated contact when supplies need 



JORHjjZATlON 

Critical documents can be pruiedijGJfet, rather fthan be delayed by long print jobs or 
slow data transfer. The printerOn j n ptem aflcjws the printer owner to identify 
printerOn users to whom they wis W to give priority access. A print request from such 
a user that is identified as being hij fi priority wall be given preference for next 
servicing, or may even terminate ( >i| 5-empt) t$e current print job depending upon the 
printer owner's configuration. 



5.4.11 Paper Size F ltering 



-29- : 



1 , 



CA 02299824 1999-03-01 



10 



15 



20 



25 



30 



35 



To eniure thai the correct paper 
owner of the registered printer can|d 
opposed to what page sizes are techy 
are actually installed in the device, 
ensure that the user has constrained 
condition from occurring. Alternai 
the print job so that it fits on the — 



Note that similar applications < 
and white printing, and folding | 



br the re note printer is selected by users, the 
to jjjrinterOn what page sizes are valid (as 
tally possible). Typically, these are the sizes that 
hen prin ijig from the printerOn driver, we will 
lot papei '[selection to a valid size to prevent this 



elv 3 printerOn can automatically scale (or resize) 
lable paper. 



;< t media ( paper, vellum, mylar etc), color/black 
, punci is, fold type, etc). 



5.4.12 Automatic Print D 



printerOn will ensure that the pi 
Thereby prevent the user from 
Global Print Registry allows an] 
can install or use an appropriate 
driver, the system will autoi 
the global registry database, either 
entirely block the print attempt. 



AND 



5.4.13 NOttFICATTOI 

To diminarr uncertainty, prime; 
successfully, and can inform the 
The system can be configured to 
notifications and receipts. Typically, 
the physical location and URL of uu\ printer, 



t 



MVER 



Validation 



and printer driver are compatible, and will 
ng inco iect output. To guarantee this, the 
td search lor a printer to discover its type, so they 
. e driver, furthermore, if you use the printerOn 
cneck tb ^currently selected print driver against 
provide a; warning of incompatibility, or to 



SCEIPTS 



can as5ui e 'the sender that the document printed 
,]ii^nt that k document has arrived at their printer. 
l pwior en£c tree the generation of print e-mail 
- Ithese mesfsages would contain information such as 
die number of pages, who printed it, and 



X snonitc r.will interact with the printerOn audit 
I to the print job. The audit site is capable of 

S" ; in coi porating this statistical data. The user 
user interface) or may choose to always obtain 
ir account appropriately. A recipient notification 
he e-mail i iddress of the recipient in the print 
are; their a ;count such that they always receive 



for whom it was printed. 
Upon completion of a print, the 
site to record the statistical data i 
creating e-mail notifications and r< 
may request a receipt in the print 
a receipt if they have configured 
is generated if the user has erne: 
driver. A printer owner can 

notification, or receive notification jja the eve & that an explicit notification was not 
requested. f 
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5.4.1 4 CONFIGURAllltSf-l^C 



To guarantee the bug-term validif 
the freedom to change printer j 
a logical printer. This alias 1 
printers) or server configuration, 
shielded from configuration 1 * 
modify their environment wichout| 



pnai 




ip Printer Naming 



5.4,15 Printer Di 

For companies con c erned about 
inappropriate use of equipment, 
printerOn allows the printer own* 
method is to restrict access to the 
provides a mechanism for trackinf 
behavior. Another unique print 
"denial" basis. Most access grani 
(printerOn supports this model), 
printer that says "any one can use 
is important since IPP printers 
environment is no longer control 
large. 

5.5 Reprog raphics 



while allowing printer owners 

. allows owners to create an alias for 

despi (jje changes to a host domain, servers, 
of priiLtcrOn.net and the printerOn driver are 
allbwing printer administrators the freedom to 
parting published URL printer names. 



ivinfc unsolicited information C 9 P a ^ n ") or ^ 
iting hate! messages, pornographic images, etc), 

track or block this type of behavior. One such 
iter onlyi to registered printerOn users. This 
^appropriate print users, which discourages poor 

concept jjjs the ability to grant a cc e ss on a 
protocols! identify who is allowed to use a service 
t also provide a means of controlling access to a 
printer ] IjJtCEPT for the following users...". This 
a new problem for printer administrators... the 
(as in a corporation). Rather, it is the world at 



5.5.1 



LARGE FOI 



The printerOn driver can asscml 
and apply the appropriate Printed 
the target printer. If the choice of { 
manufacturers control enviro; 
of Job Control codes to match 
intervention. 



5.5.2 



Printing. 



'copy 



njOfoB Submission 

I print jobs prom the Application printing process 
^ontrc |fwrappers F depending on the nature of 
lit location involves the use of a different printer 
, f then the printerOn driver can use a different set 
[selected re oriote output device, without user 



SHOPS 
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Small print stops, can register a sccjftje public IBP printer with printexOn.neT to serve 
customers who lack the equipment fBi skills to (J^int their specialized documents. The 
customer can then obtain the hank|jpy results |rom the print shop. The customer 
would contact the Print Shop, who^ijells them 1 :o use printerOn with a time limited 
UserlD and Password. The custom^ prints usfiig the printerOn driver on their 
desktop, which interacts with prinipjOajaet tonralidate and provide a temporary 
access to the Print Shop IPP printetfj [Once the print job is complete, the access 
expires. 



5t6.3 



Print Forwarding 



An application for the remote 
with good availability to the final 
printer. This means that documeni 
establishment near a courier hub 
hardcopy, without the necessity 
It would be printed and distribui 



The foregoing description is irn 
present invention. Those of 





ip produce hardcopy output at a site 
11 that destination does not have an IPP 



job, is 
•on, i 

iuld be printed remotely to a printing 
The courtier can distribute the resultant 

up u&e hardcopy and bringing into the hub. 
thatfiub. 



to be ilhisfrative of the preferred embodiment of the 
skill may envisage certain additions, deletions 
and/or modifications to the describe^ smbodim |ot which, although not explicitly 
described herein, are encompassed my the spirit or scope of the invention, as defined by 
the giflimg appended hereto. ? J 
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WE CLAIM: 




between network users and network reso 
a resource registry including rest 

the resource records defining a target 

resource} 

an administration server in corami 

administrators of each said network 

records; and 

a proxy server in communication 

transfer between the network users and 

records. 

2. A network resource control systi 
between network users and network resoi 

a resource registry in cluding resou| 
the resource records defining a target 
resource; 

a driver server including driver a] 
an authorization server in comini 
server for providing the driver application 
resource records for facilitating data t: 
resources* 

3 . A network resource control 
between network users and network res< 
network printing system comprising: 

a proxy server provided outside thj 
for printing; and 

a polling server provided within 
polling the proxy server for initiating 
proxy server to the polling server. 

4. A network resource control 
network printing system being associated: 
associated with network resources for all* 
network resources over the network, the 

a resource driver for facilitating a 
application and target ones of the networl 



1 . A network resource control systeml for allowii j i communication over a network, 




, the ne :work printing system comprising; 
records associated with the network resources, 
3j| and a res <rurce type for each said network 

ation wi el the resource registry for providing 
with access to respective ones of the resource 

1 

the resource registry for facilitating data 
y^rwork i« sources in accordance with the resource 

: ! } 

allowi i j communication over a network, 
, the natfjrork printing system comprising: 
records i isftociated with the network resources, 
and a rei jjurce type for each said network 

rations fen [the network resources; and 

ion wic |!the resource registry and the driver 
.to the network users in accordance with the 
bet w ee n the network users and the network 



communication over a network, 
behind an enterprise firewall, the 

l&rewall for receiving application data 

the polling server being configured for 
received application data from the 



over a network, the 
registry including resource records 
;k users to communicate with the 




aunication 
resources, 
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lting system comprising: 



of application data between a user 
ie resource driver including a driver 
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input for receiving the application data and 
application data; 

a driver administrator in commi 
of the resource driver in accordance with t 
network resources; and 

a data transmitter in r<Mttflivn trjTin j 
translated data to the target one network 

5 . A method for facilitating commi 
network resources, comprising the steps 

providing a resource registry 
resources! the resource records including 

receiving user access control data ; 
incorporation into the resource records; 

in accordance with the user access 
communication with the network resouxc 

6. A method for facilitating commu 
network resources, comprising the steps < 

receiving a request from one of 1 
of the network resources; 

obtaining resource configuration < 

determining a user authorization J 
resource; and f 

in accordance with the user author 
resource configuration data and user con£ 



driver oi 1|put for providing a translation of the 

le resource registry for configuration 
:ords associated with the target one 



ijwiththe 
jurces. 



atton, vc 



7. A method for facilitating commi 
network resources, comprising the steps 

providing a request from one of 
one of the network resources; 

receiving from the one network u 
network resource, and receiving resource' 



network uters for communication with a target 

application data for transmission to the target one 

_ | o t twork ac dress data associated with the target one 

network resource over a communications iiannel so Are from the one network user, and 

directing the application data over! ne netwoj 1: in accordance with received network 



address data. 

8* A method for facilitating commi 
network resources located behind an enti 



don daxji associated with the one network user. 

network, between network users and 



ion 




- output for transmitting the 



ion over 1 i network, between network users and 

records associated with the network 
cAtrol data; 
l a<immL » rators of the network resources for 

itrol dauj ^configuring the network users for 



ion over a network, between network users and 

rork ussrs for communication with a target one 

associate I with the target one network resource; 
[commu 



ion with the target one network 
lg a correspondence between the 



a network, between network users and 
fireball, comprising the steps of 



on over 
nse " 
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polling a proxy server located out 
communication with the network resourc 

receiving application data and i 
in response to the poll step; and 

directing the application data to 
network resource data. 




rise firewall for requests for 
resource data from, the proxy server 
ttilources in accordance with associated 
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